Support Thread

Information On Private User & Custom Group Permissions For Forum Management

Information On Private User & Custom Group Permissions For Forum Management — APG vNext Guide

Information On Private User & Custom Group Permissions For Forum Management — a configuration and setup topic from the APG vNext support community.

Key Configuration Points

  • IIS App Pool: .NET 4.0 Integrated Pipeline mode is required.
  • Connection String: Verify SQL Server name, database, and credentials in web.config.
  • File Permissions: App pool identity needs read/write on the upfiles folder.
  • URL Rewriting: Install IIS URL Rewrite 2.0 module for clean SEO-friendly URLs.
  • Full-Text Search: Enable SQL Server Full-Text Indexing for forum search.

More Help

Custom Group Permissions in APG vNext

APG vNext provides a flexible permission system that lets administrators define exactly which user groups can access, read, post in, and moderate each forum section. Custom groups extend the built-in roles with tailored access tiers that match your community structure.

Creating and Managing Custom Groups

Navigate to Admin > User Groups > Add New Group to create a custom group. Each group needs a unique name, a display badge (optional), and a base permission template to inherit from. You can create groups like Premium Members, VIP Supporters, Staff Writers, or Regional Moderators, each with distinct capabilities across different forum areas.

Once created, assign users to the group via Admin > Users > Edit User > Group Memberships. Users can belong to multiple groups simultaneously. When a user is in multiple groups, APG vNext resolves permissions by taking the most permissive setting across all group memberships, unless an explicit Deny override is set — which always wins regardless of other group settings.

Forum-Level Permission Overrides

For each forum, you can override the group defaults. Go to Admin > Forums > Edit Forum > Permissions and add per-group rules. The available permission types include: View Forum, Read Posts, Start New Topic, Post Reply, Edit Own Post, Delete Own Post, Upload Attachments, Manage Poll, and Moderate. Set each to Allow, Deny, or Inherit to build your access matrix.

A typical private staff forum setup would deny all permissions to Guests and Registered Users at the forum level, then add an explicit Allow for the Staff custom group. This makes the forum invisible to non-staff members while allowing full access to staff.

Private User Permission Overrides

Beyond group-level settings, APG vNext supports per-user permission overrides for exceptional cases. For example, you might restrict a specific user from posting in one forum without removing them from their group, or grant a single trusted user moderator access to one section without a full moderator promotion. Access per-user overrides at Admin > Users > Edit User > Permissions. These individual overrides take precedence over group settings.

Testing Your Permission Configuration

After setting up permissions, always verify them by logging in as a test account in each relevant group. Check that restricted forums are invisible to unauthorized groups and that allowed groups have the expected level of access. Use browser incognito mode to test guest access separately. Clearing the application cache from Admin > Tools > Clear Cache after making changes ensures stale permission data is flushed and the new rules take immediate effect.

Common Permission Pitfalls and How to Avoid Them

The most common mistake is forgetting that Deny always overrides Allow. If a user is in two groups where one grants Allow and the other has Deny for a specific permission, the Deny wins. This is intentional by design and prevents privilege escalation, but it can cause confusion when a user belongs to a high-permission group yet cannot access something because of a Deny in a secondary group they were inadvertently assigned to.

Another common issue is not setting explicit forum-level overrides and relying entirely on group defaults. This works initially but becomes fragile when new forums are added, since new forums inherit whatever the group default happens to be at creation time. Better practice is to explicitly configure permissions on each forum rather than relying on inheritance cascading correctly.

Remember also that APG vNext forum categories (parent nodes) have their own permission settings separate from the child forums inside them. A user who cannot see a category will not see any forums inside it, even if those forums have explicit Allow permissions for their group. Configure permissions at the category level first, then refine at the forum level below.

Moderator Assignments via Custom Groups

Custom groups can be assigned as moderators for specific forums. A moderator assignment gives group members the ability to edit and delete any posts, move topics, lock and unlock threads, and approve queued posts in their assigned forums. Unlike global administrator permissions, forum-level moderator rights are scoped only to assigned forums, making it safe to promote trusted community members to moderator roles without giving them site-wide admin access.

Auditing Permission Changes

APG vNext logs administrative actions including permission changes in the admin audit log. Review the log periodically at Admin > Reports > Audit Log to track who changed what permissions and when. This is especially important in organizations where multiple administrators manage the forum, ensuring accountability and making it easy to roll back accidental changes by identifying exactly what was modified.


Looking for more help? Browse the support forum or check the Knowledge Base.